Slashdot Mirror
Aussie Kids Foil Finger Scanner With Gummi Bears
mask.of.sanity writes "An Australian high school has installed 'secure' fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance.
The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatin, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatin has virtually the same capacitance as a finger's skin."
And the kids circumvent it by keeping the gummy bears in their pockets on the way to class.
Once again, a "foolproof" system proves to be only as useful as the fool who invented it.
Fuck, YES. I read the original story, about the school introducing this moronic system, and could only shake my head. Attempts at total control are generally the solution proffered by lazy bureaucrats as an alternative to them doing their jobs. Here’s an idea - instead of working out ways of forcing the kids into school and keeping them there - why not work to make it compelling for them to come to school in the first place. I know, hard, right? Idiots. However, the creative (dare I say scientific) solution employed, and so quickly makes me remotely proud of our clever children. It’s nice to see the kids are far more intelligent and creative than their so-called teachers. I will have somewhat less pride when they remotely drain my bank account and I am forced to live on cast off gummi bears, but hey.
Nobody has actually foiled the high school fingerprint scanners yet, it's still only in the realm of (likely) possibility - especially after the kids see this story on /.
* You have to buy a new system and probably sign a support contract for it
* It ties up personnel with deployment
* It doesn't work any better than the old system
* It raises significant privacy issues not present in the old system
* It raises huge data security and disposal issues not present in the old system
* Adding a new student is more invasive and time consuming than in the old system
* Fingerprint biometrics can track an arbitrarily large set of individuals...but they can only distinguish a few hundred
Yep, that sounds like a textbook example of educational bureaucracy.
Quoting from the end of the fine article (emphasis added by me).
Tsutomu Matsumoto, a Japanese cryptographer, uses gelatin, the stuff that Gummi Bears are made out of. First he takes a live finger and makes a plastic mold. (He uses a free-molding plastic used to make plastic molds, and is sold at hobby shops.) Then he pours liquid gelatin into the mold and lets it harden. (The gelatin comes in solid sheets, and is used to make jellied meats, soups, and candies, and is sold in grocery stores.) This gelatin fake finger fools fingerprint detectors about 80% of the time.
His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time.
Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.
What one fool can do, another can. (Ancient Simian Proverb)
Until Discovery Communications has it taken down--
http://www.youtube.com/watch?v=LA4Xx5Noxyo
What one fool can do, another can. (Ancient Simian Proverb)
I'll be more impressed when they have an article that says: Kids circumvented fingerprint scanners at school using gummy bears.
Kids should be in school. Period. Our present breed are just as crafty as we used to be back in the day in trying to avoid the system. That is how you create innovative kids in the first place. Those kids who defeats this totalitarian system and gets away with it - well - they deserve the day off :)
Meus subcriptio est nocens Latin quoniam bardus populus reputo is sanus callidus
Quite a long time ago the school district I was in kept attendance records on a computer. The password was kept on a piece of paper in the secretary desk, but that didn't matter. They had a 2400 baud modem connected to a hard line that allowed access for all sorts of records to be shared. I guess they figured the security was knowing that magic 7 digit number written on the modem, and not believing for a second that any child could possibly get the idea to call it, let alone with their own modem, and never one that understood computers better than they did.
One of my first entrepreneurial ventures was attendance management services to other kids. In this system once you hit a certain level of tardiness, or missed classes, it triggered a physical letter to be sent to the parents. I could make sure that didn't happen. Was fairly profitable and this was back when "computers never lied" and hacking was not well understood by anybody, least of all school administrators.
I had to stop when it became obvious in some parent teacher conferences that some students had clearly been ditching a lot of classes according to the teachers, but the records on the computers no longer matched the written records of the teachers. Good thing I used the computer lab and my own modem otherwise the phone records would have busted me... if the investigation even got that far. Since the "corrupt" records matched the district offices, it was assumed the computer itself was faulty somehow. They just ended up replacing it... but leaving the modem.
I guess my point is overall, that if schools are really serious about taking attendance, maybe they should concentrate less on the technology and more about giving a shit "hands on". Teachers should have the phone numbers and email addresses of their students parents, and I don't know, use them. I would have never gotten away with what I did had their been even a small amount of caring amongst the staff. At this point in my life it disapoints and saddens me that a teacher would not directly call the parents once a student missed 3 classes in a week. Waiting for an automated system to send a letter out after 7 missed classes just allows a problem to fester for around a month before anybody starts to address it.
Of course I can't blame a lot of the teachers. When you are chronically underpaid and have to do ridiculous shameful shit like purchasing resources out of your own pockets for your students, I can understand how some become burned out and disillusioned.
Kids pick up on that too. If they feel they are in a situation where people don't care and it's a mechanical mind numbing system they are forced to deal with, they will react, and most often negatively.
I guess what pisses me off more about this story is they could have used the money in that budget to raise the teachers salary and just had the teachers write down attendance in a book and have the empowerment to directly call the fucking parents.
Kids in some areas of the world willfully walk miles to school every day. Why? because they are learning. In America, our schools force our students to memorize arbitrary facts in arbitrary order with no regard to context or meaning. This is problematic because the brain is typically terrible at memorizing out of context, out of order, arbitrary information, we have a very small capacity for it. On the other hand, it is possible to cover several weeks of math in a single day, and the students will enjoy and remember it, it is is conceptual, in proper context, and useful. I learned partial fraction decomposition 4 years ago, and just learned a use for it today in differential equations. All you have to do to compel students to attend school is to teach them, instead of screaming at them to memorize totally pointless bullshit while eating shitty food, being told what they are allowed to say and where they have to be every minute of the day, even when they are allowed to go to the bathroom, and they can be arrested for being physically attacked. Of course truancy is a problem in this bullshit hell of a system.
Support real education reform. Well educated children don't need strict discipline, because they know better, they understand why it is bad to do X action. But if you just scream at them "OBEY ME OR SUFFER!" of course they are going to be angsty and rebellious. What an insensitive clod.
Where is the mod rating for "scary"? Also,
"Chris?"
"Here Miss"
"Peter?"
"Present Miss"
"Well it looks like everyone who's going to be here is here already, let's get started!" She thought knowing full well that a few of the students skipping the class will be reported to the principle yet again.
Fingerprints? Really? Whatever is wrong, it's not the fault of the system that has served us for hundreds of years, and doesn't need some stupid technology to fix it.
What? Kids willingly walk miles to school every day because it's drilled into their heads that the only way off the farm, out of the slums, or whatever their particular disadvantage happens to be, is through education. There's no magical inspirational African/South American/Chinese teaching model that somehow drives these kids out of their beds before dawn and across miles with hungry bellies and an urge to learn. Hell, most of those kids are walking miles to school every day to learn arbitrary information, out of order, and by rote. Teaching kids to be critical learners, to engage with knowledge? That's a privilege that's only found in the rich western educational model, certainly not in the shanty towns.
That being said, I understand your broader point and agree somewhat. Education has to be relevant, it should be interesting, and it shouldn't be one-size-fits-all. However, if we're honest we have to admit that that kind of system is expensive, demands teaching excellence, is hard to assess, and complicated to run. The US has over 60 million students in primary and secondary schools - that's an enormous population. There are a lot of problems with education in the west - most of them related to broader social issues like violence, poverty, ignorance et al - but it’s not nearly as bad as some of us seem to feel. There is a logic to a lot of the problems you’re complaining about and while matters could possibly be dealt with in better ways it’s going too far to claim the system itself is bullshit hell.
If the problem with cards was that people were swiping their friend's cards, and the problem with fingerprints is that they're faking them, then the problem seems to be a social one.
As noted, there's no technical solution that will keep motivated teenagers at bay.
No sig today...
While school kids may yet learn to scam extra lunches and play hooky through the use of gummi candy biometrics, the headline is bogus. None of the linked articles reported that any kids anywhere are doing anything with gummi bears except fucking up their teeth.